https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7940
John Hardin <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #6 from John Hardin <[email protected]> --- It's not based on "phishing URLs" or the specific link, it's based on having body text that looks like account phishing and having a URL. The body text that looks suspiciously like phishing is, unsurprisingly, "confirm your account". The reason one version hits and the other does not is, the rule is looking for multiple phishing text fragments, and the repetition of that text in the plain-text and HTML body parts unfortunately counts double. > X-Spam-Status: No, score=3.717 tagged_above=2 required=6.2 As Loren said, this is not a FP, as the total score for the message did not exceed the spam threshold. This is a single-rule hit on spammy-looking content without other signs to support it. That happens. It is not a bug that a given rule will hit some ham. The only suggestion I can offer is that you reword your message to make it look less like phishing. Perhaps: Please confirm that you created an account on our service using that email address by clicking this link: <a mumble>Confirm new account</a> -- You are receiving this mail because: You are the assignee for the bug.
